Our selection of information security (SSI) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

LMA ISIDA Retriever 5.2 sql injection [CVE-2021-26904]

A vulnerability classified as critical has been found in LMA ISIDA Retriever 5.2. This affects some unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an...
Author: VulDB

LMA ISIDA Retriever 5.2 query['text'] cross site scripting

A vulnerability was found in LMA ISIDA Retriever 5.2. It has been rated as problematic. Affected by this issue is an unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Author: VulDB

Mozilla Firefox up to 85.x memory corruption [CVE-2021-23979]

A vulnerability was found in Mozilla Firefox up to 85.x (Web Browser). It has been declared as critical. Affected by this vulnerability is an unknown function. Upgrading to version 86.0 eliminates this vulnerability. The upgrade is hosted for...
Author: VulDB

Mozilla Firefox/Firefox ESR/Thunderbird memory corruption [CVE-2021-23978]

A vulnerability was found in Mozilla Firefox, Firefox ESR and Thunderbird (Web Browser) (version unknown). It has been classified as critical. Affected is some unknown processing. Upgrading eliminates this vulnerability. The upgrade is hosted for...
Author: VulDB

Mozilla Firefox up to 84.x memory corruption [CVE-2021-23965]

A vulnerability was found in Mozilla Firefox up to 84.x (Web Browser) and classified as critical. This issue affects an unknown code block. Upgrading to version 85.0 eliminates this vulnerability. The upgrade is hosted for download at mozilla.org.
Author: VulDB

Mozilla Firefox/Firefox ESR/Thunderbird memory corruption [CVE-2021-23964]

A vulnerability has been found in Mozilla Firefox, Firefox ESR and Thunderbird (Web Browser) (the affected version is unknown) and classified as critical. This vulnerability affects an unknown code. Upgrading eliminates this vulnerability. The...
Author: VulDB

thecodingmachine Gotenberg /convert/html src server-side request forgery

A vulnerability, which was classified as critical, was found in thecodingmachine Gotenberg (the affected version unknown). This affects an unknown part of the file /convert/html. There is no information about possible countermeasures known. It...
Author: VulDB

ProSoft ICX35-HWC-A/ICX35-HWC-E up to 1.9.62 Module Webpage access control

A vulnerability, which was classified as critical, has been found in ProSoft ICX35-HWC-A and ICX35-HWC-E up to 1.9.62. Affected by this issue is some unknown functionality of the component Module Webpage. There is no information about possible...
Author: VulDB

Node-Red up to 1.2.7 Projects API path traversal

A vulnerability classified as problematic was found in Node-Red up to 1.2.7. Affected by this vulnerability is an unknown functionality of the component Projects API. Upgrading to version 1.2.8 eliminates this vulnerability. The upgrade is hosted...
Author: VulDB

Node-Red up to 1.2.7 Admin API dynamically-determined object attributes

A vulnerability classified as critical has been found in Node-Red up to 1.2.7. Affected is an unknown function of the component Admin API. Upgrading to version 1.2.8 eliminates this vulnerability. The upgrade is hosted for download at github.com.
Author: VulDB

Synapse up to 1.24.x .well-known resource consumption

A vulnerability was found in Synapse up to 1.24.x. It has been rated as problematic. This issue affects some unknown processing of the file .well-known. Upgrading to version 1.25.0 eliminates this vulnerability. The upgrade is hosted for download...
Author: VulDB

Synapse up to 1.24.x redirect [CVE-2021-21273]

A vulnerability was found in Synapse up to 1.24.x. It has been declared as problematic. This vulnerability affects an unknown code block. Upgrading to version 1.25.0 eliminates this vulnerability. The upgrade is hosted for download at github.com....
Author: VulDB

ownCloud Client up to 2.6 DLL injection

A vulnerability was found in ownCloud Client up to 2.6 (Cloud Software). It has been classified as critical. This affects an unknown code of the component DLL Handler. Upgrading to version 2.7 eliminates this vulnerability.
Author: VulDB

best it Amazon Pay Plugin up to 9.4.1 on Shopware information disclosure

A vulnerability was found in best it Amazon Pay Plugin up to 9.4.1 on Shopware and classified as problematic. Affected by this issue is an unknown part. Upgrading to version 9.4.2 eliminates this vulnerability.
Author: VulDB

Kaspersky Rescue Disk/Endpoint Security UEFI Module improper authentication

A vulnerability has been found in Kaspersky Rescue Disk and Endpoint Security (affected version unknown) and classified as critical. Affected by this vulnerability is some unknown functionality of the component UEFI Module Handler. Upgrading...
Author: VulDB

ABB AC500 V2 Web Visualization resource consumption [CVE-2020-24686]

A vulnerability, which was classified as problematic, was found in ABB AC500 V2 (version unknown). Affected is an unknown functionality of the component Web Visualization. There is no information about possible countermeasures known. It may be...
Author: VulDB

Bosch DIVAR IP 5000 access control [CVE-2019-11684]

A vulnerability, which was classified as critical, has been found in Bosch Video Recording Manager, Video Management System and DIVAR IP 5000 (unknown version). This issue affects an unknown function. Upgrading eliminates this vulnerability.
Author: VulDB

CERTFR-2021-AVI-149: Multiple vulnerabilities in the Ubuntu Linux kernel (26 February 2021)

Multiple vulnerabilities have been discovered in the Ubuntu Linux kernel. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service and a bypass of the...
Author: Cert FR

CERTFR-2021-CTI-006: 🇬🇧 The Ryuk Ransomware (26 February 2021)

First observed in August 2018, the Ryuk ransomware has since been used in Big Game Hunting operations. It is characterized by the use of different infection chains and the extreme …
Author: Cert FR

CERTFR-2021-AVI-148: Multiple vulnerabilities in Nagios XI (26 February 2021)

Multiple vulnerabilities have been discovered in Nagios XI. They allow an attacker to cause a security issue not specified by the vendor.
Author: Cert FR

Keylime up to 5.8.1 Agent/Registrar signature verification

A vulnerability classified as critical was found in Keylime up to 5.8.1. This vulnerability affects some unknown processing of the component Agent/Registrar. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

Custom Global Variables Plugin 1.0.5 on WordPress Form Field vars[0][name] cross site scripting

A vulnerability classified as problematic has been found in Custom Global Variables Plugin 1.0.5 on WordPress (WordPress Plugin). This affects an unknown code block of the component Form Field Handler. There is no information about possible...
Author: VulDB

Triconsole Datepicker Calendar up to 3.76 calendar_form.php cross site scripting

A vulnerability was found in Triconsole Datepicker Calendar up to 3.76 (Calendar Software). It has been rated as problematic. Affected by this issue is an unknown code of the file calendar_form.php. Upgrading to version 3.77 eliminates this...
Author: VulDB

Mozilla Firefox up to 85.x on Android toctou [CVE-2021-23977]

A vulnerability was found in Mozilla Firefox up to 85.x on Android (Web Browser). It has been classified as problematic. Affected is some unknown functionality. Upgrading to version 86.0 eliminates this vulnerability. The upgrade is hosted for...
Author: VulDB

Mozilla Firefox up to 85.x on Android Fullscreen improper restriction of rendered ui layers

A vulnerability was found in Mozilla Firefox up to 85.x on Android (Web Browser) and classified as critical. This issue affects an unknown functionality of the component Fullscreen Handler. Upgrading to version 86.0 eliminates this vulnerability....
Author: VulDB

Information security (SSI) events